Closed phaupt closed 6 years ago
Example: X-MSS-MobileID-SN:="MIDCHEJC36PE5UR5"
The "MIDCHE" part is a text literal in the certificate template. The tail part is the ICAO e-passport serial number, which is generated from a random value per the ICAO specification. The generator creates a unique value 9 characters long, then appends a checksum character to it.
Line 245: https://github.com/SCS-CBU-CED-IAM/freeradius-mobileid/blob/3d688d498d25dc71d97544982dfb357fc8bdb085/exec-mobileid.sh#L245
UNIQUEIDNEW=$(echo "$RES_CERT_SUBJ" | sed -n -e 's/.*serialNumber=\(.*\),CN=.*/\1/p')
The regular expression is expecting the 'CN' attribute after the 'serialNumber' attribute. The order of the attributes may change as the order of attributes is not specified.
The regular expression should be improved to be independent of the attribute order.
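One way to make the extraction independent of attribute order, as an added example that is not code from the issue or the project. It assumes `RES_CERT_SUBJ` is a one-line, comma-separated DN with no spaces around `=` (as the original pattern implies); the function names and sample subjects are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the project code. Assumes a one-line, comma-separated DN.

# Original pattern from exec-mobileid.sh line 245, kept for comparison.
old_extract() {
    echo "$1" | sed -n -e 's/.*serialNumber=\(.*\),CN=.*/\1/p'
}

# Order-independent: walk the DN, split on unescaped "," and "+",
# and accept the value only if exactly one serialNumber attribute exists.
extract_serial() {
    printf '%s\n' "$1" | awk '
    {
        sub(/^subject= */, "")                        # tolerate an optional prefix
        n = length($0); rdn = ""; found = 0; value = ""
        for (i = 1; i <= n + 1; i++) {
            c = (i <= n) ? substr($0, i, 1) : ","    # sentinel flushes the last RDN
            if (c == "\\") {                          # escaped char stays in its value
                rdn = rdn c substr($0, i + 1, 1); i++
                continue
            }
            if (c == "," || c == "+") {
                sub(/^[ \t]+/, "", rdn)
                if (rdn ~ /^serialNumber=/) {
                    found++
                    value = substr(rdn, length("serialNumber=") + 1)
                }
                rdn = ""
                continue
            }
            rdn = rdn c
        }
        if (found != 1 || value == "") exit 1         # fail closed
        print value
    }'
}

# Constructed sample subjects (serial taken from the example on this page).
for s in \
    'serialNumber=MIDCHEJC36PE5UR5,CN=Example User,C=CH' \
    'CN=Example User,serialNumber=MIDCHEJC36PE5UR5,C=CH' \
    'serialNumber=MIDCHEJC36PE5UR5,O=Example,CN=Example User'
do
    printf 'old=[%s] new=[%s]\n' "$(old_extract "$s")" "$(extract_serial "$s")"
done
```

The third sample shows a second effect of the original pattern: when another attribute sits between `serialNumber` and `CN`, the greedy `\(.*\)` captures it as part of the serial. Callers should check the exit status of `extract_serial` and reject the authentication when it is non-zero.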